Sybil Hunters Beware: Airdrop Farming Tool Exploit Drains $5M
Key Takeaways
• Ads Power was compromised, leaking private keys via a fake wallet plugin update.
• Over 20,000 wallets drained, with nearly $5M in losses.
• Closed-source tools with wallet access are inherently dangerous — they can and do betray users.
• Security audits aren’t guarantees — CertiK’s report was quietly deleted after the incident.
• If it touches your keys, it must be open-source — or not trusted at all.
• Use dedicated devices and hardware wallets for serious assets.
• Security needs friction — shortcuts lead to exploits.
• Build your own tools. Relying on shady scripts will always backfire.
“When shortcuts turn into exit scams.”
On January 25th, while crypto airdrop farmers pre-celebrated upcoming token drops from chains like Berachain and Linea, a silent heist unfolded.
A hacked browser extension linked to Ads Power—a popular anti-detection tool for mass Sybil farming—had been leaking private keys since January 17th.
Over 20,000 wallets were drained, with losses nearing $5M. Only those who raced to move funds upon early warnings salvaged their assets.
How It Went Down
The attacker hijacked Ads Power’s plugin update server, pushing fake metamask/okx wallet that harvested seed phrases.
Ads Power privately alerted select users via dm instead of issuing public warnings at first.
Certik’s glowing security audit for Ads Power (posted Jan 3rd) was quietly deleted post-exploit.
This isn’t new. Centralized "black box" tools—Dexx (hacked Q3 2023), Bitbrowser (2022 leak)—keep imploding. Why?
They’re built to betray you. Closed-source tools with access to your keys + constant internet connectivity = ticking time bombs.
Incentives to rug. When user funds dwarf the project’s revenue (see: referral-driven ad models), exit scams print life-changing money.
Surviving the Sybil Grind
Never trust Closed-source tools. If it touches your keys, it’s dangerous.
Airgap your stacks. Use a dedicated device for crypto—no games, no random software.
Hardware wallets for heavy bags. OneKey, Trezor or Ledger, ensure keys never touch networked devices.
Why This Targets You
Airdrop farmers = low-hanging fruit. Sybil clusters often hold six-figure balances across wallets.
Unlike mainstream apps, crypto tools have fewer users but far juicier payloads for hackers.
The Uncomfortable Truth
Security requires friction. Write down seed phrases. Click confirmations manually. Accept that chasing 100x efficiency via sketchy tools will eventually backfire.
The crypto graveyard is filled with "convenient" solutions—Mt. Gox, FTX, and now farming utilities. Your keys, your responsibility. Stop cutting corners.
Final note: If you’re farming at scale, build your own scripts. No shortcuts, no leaks.
